Home > Testing > ContribAI

ContribAI

Autonomous AI agent that contributes to open source — discovers repos, analyzes code, generates fixes, and submits PRs

agent ai ai-agent automation autonomous-agent code-analysis code-quality contributions rust

Why this rank:Strong adoptionRelease freshnessHealthy release cadence

Description

Autonomous AI agent that contributes to open source — discovers repos, analyzes code, generates fixes, and submits PRs

README

ContribAI

Autonomous AI agent that discovers, analyzes, and submits
Pull Requests to open source projects on GitHub.

Getting Started · Features · Commands · Architecture · Hall of Fame

Set it up once. Wake up to merged PRs.

🏆 Track Record

Metric
PRs Submitted	`44+`
PRs Merged	`10`
Repos Contributed	`21+`
Languages Analyzed	`13`

Notable Contributions:

🌍 Worldmonitor — 45k ⭐ · 3 merged
🕵️ Maigret — 19k ⭐ · 3 merged
🤖 AI-Research-SKILLs — 6k ⭐ · 1 merged
📊 s-tui — 5k ⭐ · 1 merged
🔍 HolmesGPT — 2k ⭐ · 1 merged

See the full Hall of Fame → for every PR with links.

⚡ How It Works

┌─────────────┐     ┌─────────────┐     ┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  Discovery  │────▶│  Analysis   │────▶│  Generator  │────▶│  PR + CI    │────▶│   Patrol    │
│             │     │             │     │             │     │             │     │             │
│ Search repos│     │ 13-lang AST │     │ LLM-powered │     │ Fork, commit│     │ Auto-fix    │
│ by language │     │ 17 skills   │     │ code gen +  │     │ create PR   │     │ review      │
│ and stars   │     │ security,   │     │ self-review │     │ sign CLA    │     │ feedback    │
│             │     │ quality,    │     │ + scoring   │     │ monitor CI  │     │ & reply     │
│             │     │ performance │     │             │     │             │     │             │
└─────────────┘     └─────────────┘     └─────────────┘     └─────────────┘     └─────────────┘

🚀 Getting Started

Install

# Build from source (recommended)
git clone https://github.com/tang-vu/ContribAI.git && cd ContribAI
cargo install --path crates/contribai-rs

# Or one-line install
curl -fsSL https://raw.githubusercontent.com/tang-vu/ContribAI/main/install.sh | bash
# Windows:
irm https://raw.githubusercontent.com/tang-vu/ContribAI/main/install.ps1 | iex

Configure

contribai init     # Interactive setup wizard
contribai login    # Verify auth + switch LLM providers

Run

contribai hunt                # Autonomous: discover → analyze → PR
contribai target <repo_url>   # Target a specific repo
contribai analyze <repo_url>  # Dry-run analysis (no PRs)
contribai interactive         # Browse in ratatui TUI

📝 Example config.yaml

github:
  token: "ghp_your_token"       # or set GITHUB_TOKEN env var

llm:
  provider: "gemini"            # gemini | openai | anthropic | ollama | vertex
  model: "gemini-3-flash-preview"
  api_key: "your_api_key"       # or set GEMINI_API_KEY env var
  # base_url: "https://api.openai.com/v1"  # Optional: override default endpoint for OpenAI-compatible providers

discovery:
  languages:                    # default: all 15 languages
    - python
    - javascript
    - typescript
    - go
    - rust
  stars_range: [100, 5000]

See config.yaml.template for all options.

✨ Features

🔍 Code Analysis

13-language AST via tree-sitter
Security: SQLi, XSS, resource leaks
Code quality, complexity, dead code
Performance bottlenecks
Documentation gaps
17 progressive skills loaded on-demand

🤖 Multi-LLM Support

Gemini 3.x (default) — Flash, Pro, Lite tiers
OpenAI, Anthropic, Ollama, Vertex AI
Smart task routing across model tiers
5 specialized sub-agents

🎯 Hunt Mode

Multi-round autonomous hunting
Issue-first strategy
Cross-file fixes
Outcome learning per repo

👁 PR Patrol

Monitors PRs for review feedback
LLM-classifies maintainer comments
Auto-pushes code fixes
Auto-replies to questions
Auto-cleans stale PRs from memory

🔌 Integrations

MCP Server — 21 tools for Claude Desktop
Web Dashboard — axum REST API at :8787
Cron Scheduler — automated runs
Docker — compose-ready deployment
Webhooks — Slack, Discord, Telegram

🛡 Safety

AI policy detection
CLA auto-signing
Quality gate scoring
Duplicate PR prevention
Protected file guardrails

Supported Languages

Deep AST (tree-sitter)	Fallback Parser
Python · JavaScript · TypeScript · Go · Rust · Java	Kotlin → Java
C · C++ · Ruby · PHP · C# · HTML · CSS	Swift → Java · Vue/Svelte → HTML

📖 Commands

ContribAI ships with 40+ commands accessible via CLI or interactive menu.

🔥 Hunt & Contribute

contribai hunt                        # Autonomous discovery + PRs
contribai hunt --dry-run              # Analyze only, no PRs
contribai run                         # Single pipeline run
contribai target <url>                # Target specific repo
contribai analyze <url>               # Dry-run analysis
contribai solve <url>                 # Solve open issues

📊 Monitor & Stats

contribai patrol                      # Respond to PR reviews
contribai status                      # PR status table
contribai stats                       # Contribution statistics
contribai leaderboard                 # Merge rate by repo
contribai system-status               # DB, rate limits, scheduler

🖥️ Interactive & Config

contribai                             # Interactive menu (22 items)
contribai interactive                 # ratatui TUI browser
contribai init                        # Setup wizard
contribai login                       # Interactive auth + provider config
contribai config-list                 # Show all config
contribai config-get llm.provider     # Get config value
contribai config-set llm.provider openai  # Set config value
contribai profile security-focused    # Named profile

🌐 Servers & Tools

contribai web-server                  # Dashboard at :8787
contribai schedule                    # Cron scheduler
contribai mcp-server                  # MCP stdio server
contribai cleanup                     # Remove stale forks
contribai notify-test                 # Test Slack/Discord/Telegram

🏗 Architecture

ContribAI/
├── crates/contribai-rs/src/        ← Rust v6.2.0 (primary)
│   ├── cli/                        40+ commands + ratatui TUI
│   ├── core/                       Config, events, error types
│   ├── github/                     REST v3 + GraphQL client
│   ├── analysis/                   13-lang AST + 17 skills
│   ├── generator/                  LLM code generation + scoring
│   ├── orchestrator/               Pipeline + SQLite memory (72h TTL)
│   ├── llm/                        Multi-provider + 5 sub-agents
│   ├── pr/                         PR lifecycle + patrol + CI
│   ├── mcp/                        21-tool MCP server (stdio)
│   ├── web/                        axum dashboard + webhooks
│   ├── sandbox/                    Docker + local fallback
│   └── tools/                      Tool protocol interface
│
└── python/                         Legacy v4.1.0 (reference only)

🔧 Tech Stack

Layer	Technology
Language	Rust 2021 (primary), Python 3.11+ (legacy)
Async	Tokio (full), async/await throughout
HTTP	reqwest 0.12 (async, rustls-tls)
Database	SQLite (rusqlite, bundled)
LLM	Gemini 3.x, OpenAI, Anthropic, Ollama, Vertex AI
GitHub	REST API v3 + GraphQL
AST	tree-sitter (13 languages)
Web	axum 0.7 + tower-http
TUI	ratatui + crossterm
CLI	clap v4 + dialoguer + colored
Tests	602 tests (mockall, wiremock, tokio-test, criterion)

See docs/system-architecture.md for the full design.

🧪 Testing

cargo test                  # Run all 602 tests
cargo test -- --nocapture   # With stdout output
cargo test ast_intel        # AST module tests only
cargo clippy                # Lint check

🔌 MCP Server

Use ContribAI as a tool provider for Claude Desktop or Antigravity IDE:

{
  "mcpServers": {
    "contribai": {
      "command": "contribai",
      "args": ["mcp-server"]
    }
  }
}

21 tools available: repo analysis, PR management, GitHub search, issue solving, memory queries, and more.

🐳 Docker

docker compose up -d dashboard            # Dashboard at :8787
docker compose run --rm runner run        # One-shot pipeline run
docker compose up -d dashboard scheduler  # Dashboard + cron scheduler

📚 Documentation

Document	Description
Hall of Fame	10 merged · 14 closed across 21+ repos
AGENTS.md	AI agent guide — architecture, patterns, CLI reference
Deployment Guide	Install, Docker, config, all 22 CLI commands
System Architecture	Pipeline, middleware, events, LLM routing
Codebase Summary	Module map, tech stack, data structures
Project Roadmap	Version history and future plans

📄 License

AGPL-3.0 + Commons Clause — see LICENSE for details.

Built with Rust 🦀 and LLMs 🤖

Releases · Issues · Hall of Fame

Release History

Version	Changes	Urgency	Date
v6.8.0	### Added - `contribai prs` command — list submitted PRs from local memory with status filter: - `--status open\|merged\|closed\|failed\|all` (default `all`) - `--limit N` (default 20) - `--json` — emit a JSON array (PR number parsed as int) for piping to `jq`/scripts - Pretty mode color-codes status (green=merged, cyan=open, red=closed, yellow=failed) and renders date / PR# / repo / title / URL. - Complements `stats` (which shows only the last 5) by giving a full filtered view. - 4 u	High	4/27/2026
v6.4.1	See [CHANGELOG.md](https://github.com/tang-vu/ContribAI/blob/main/CHANGELOG.md) for details.	High	4/14/2026
v6.4.0	See [CHANGELOG.md](https://github.com/tang-vu/ContribAI/blob/main/CHANGELOG.md) for details.	High	4/14/2026
v6.3.0	See [CHANGELOG.md](https://github.com/tang-vu/ContribAI/blob/main/CHANGELOG.md) for details.	Medium	4/14/2026
v6.2.1	See [CHANGELOG.md](https://github.com/tang-vu/ContribAI/blob/main/CHANGELOG.md) for details.	High	4/14/2026
v6.2.0	### Added - Sprint 18 complete — Dependencies, benchmarks, binary optimization: - Criterion benchmark suite (5 benchmarks: AST extraction, framework detection, risk classification) - Rust dependabot (weekly automated dependency updates) - Test fixtures for benchmarking (Python/Rust/JavaScript samples) ### Changed - Dependencies updated: - tower 0.4 → 0.5 (compatible with axum 0.7) - Tree-sitter grammar audit (documented 0.23/0.24/0.25 compatibility) - **Binary size optimizati	High	4/10/2026
v6.1.0	### Added - Sprint 17 complete — Code quality & dead code removal: - Framework detection from imports (20+ frameworks: Django, React, Rails, etc.) - Copilot provider fully wired in all factory functions - Session dead code removed (commented out for future feature) - 5 new framework detection tests ### Fixed - 6 clippy warnings eliminated — Zero-warning strict lint: - Removed unused imports (`OpenOptions`, `std::io::Write`, `warn`, `CopilotProvider`) - Fixed `unwrap()` afte	Medium	4/10/2026
v6.0.0	## Plugin System + Enterprise Mode + i18n BREAKING CHANGE: Major version bump for plugin system architecture and enterprise features. ### Plugin System Extensible lifecycle hooks for pipeline events: ```yaml plugins: - name: "slack-notifier" hooks: [on_pr_created, on_error] config: webhook_url: "https://hooks.slack.com/test" channel: "#devops" - name: "custom-audit" hooks: [on_analysis_complete, on_pr_merged] ``` Available hooks: - `on_analysis_complete` —	High	4/7/2026
v5.20.0	## Client/Server Architecture + TUI Polish + Observability Complete infrastructure upgrade: remote API access, session management, and structured logging. ### Pipeline Server Mode - `contribai serve` — starts pipeline server with REST API (default port: 9876) - Bind to custom host/port: `contribai serve --host 0.0.0.0 --port 9876` ### REST API Endpoints \| Endpoint \| Method \| Auth \| Description \| \|----------\|--------\|------\|-------------\| \| `/api/health` \| GET \| Optional \| Server health ch	Medium	4/7/2026
v5.19.0	## Agent Modes + Permissions + Small Model + Sessions Complete feature pack: read-only analysis, rule-based access control, cost optimization, and undo support. ### Agent Modes - `plan` mode: read-only analysis, no code generation or PRs - `build` mode: full PR flow (default) - CLI: `contribai run --mode plan` ### Rule-Based Permission System - Granular file/shell access control with glob patterns (``, `*`, `?`) - Actions: `allow` \| `ask` \| `deny` - 6 permission types: `file_rea	Medium	4/7/2026
v5.18.0	## Sprint 11: Auth Ecosystem GitHub Copilot, Auto-Detection, Token Refresh, Fallback Chain. ### GitHub Copilot Provider - Exchange `gh auth` token for Copilot API access - Access gpt-4o, claude-sonnet-4, gemini-2.5-pro via Copilot subscription - No separate API key needed — just `gh auth login` - Auto-refresh token before expiry (5-min TTL, 30s safety buffer) ### Enhanced Login Flow - `contribai login` now detects ALL available auth sources: - Copilot (via gh CLI) - **	Medium	4/7/2026
v5.17.1	## Fix: Config Loading Bug ### Root Cause - `load_config(None)` was returning `ContribAIConfig::default()` instead of calling `ContribAIConfig::load()` - This caused ALL commands (`run`, `login`, etc.) to ignore user's saved `config.yaml` - Result: always falling back to `gemini` defaults, even when user configured `vertex` or `copilot` ### Fix - `load_config(None)` now searches default locations in order: 1. `./config.yaml` 2. `./config.yml` 3. `~/.contribai/config.yaml` 4. Defaul	Medium	4/7/2026
v5.17.0	## Sprint 1-7 Complete — First Pre-Built Release All 7 sprints combined into one major release with pre-built binaries for 4 platforms. ### Sprint 1: Critical Reliability (v5.9.0) - Circuit breaker for LLM failures (Closed → Open → HalfOpen) - E2E LLM parser tests against 18 real response shapes - Analyzer retry with exponential backoff (2s/4s/8s) - Tests: +51 ### Sprint 2: Security Hardening (v5.10.0) - Sandbox enabled by default (`sandbox.enabled: true`) - Prompt injection protection (1	Medium	4/7/2026
v5.16.0	## Documentation + Observability ### Documentation - `ARCHITECTURE.md`: Comprehensive system documentation - System overview, pipeline flow, component map - Data model, config reference, how-to guides - Adding CLI commands, LLM providers, analysis skills - `RUNBOOK.md`: Troubleshooting guide - 12 common issues with step-by-step resolutions - Debug mode, log locations, maintenance tasks - Emergency procedures (stop all runs, reset circuit breaker, nuclear reset) ### Observab	Medium	4/7/2026
v5.15.0	## Web Dashboard TLS Support ### HTTPS Dashboard Enable TLS via config: ```yaml web: tls_enabled: true tls_cert_path: /path/to/cert.pem tls_key_path: /path/to/key.pem ``` - Uses `axum-server 0.7` + `rustls` (no OpenSSL dependency) - Dashboard URL automatically switches from `http://` to `https://` - Config validation: rejects missing cert/key paths - Config validation: rejects `0.0.0.0` binding without TLS ### Dependencies Added - `axum-server 0.7` with `tls-rustls` feature ### Stats -	Medium	4/7/2026
v5.14.0	## Dream Race Condition Fix ### TOCTOU Race Fix - Replaced string-based DB lock with `DreamLock` using `Mutex<()>` - Eliminates race condition where two concurrent `maybe_dream()` calls could both pass gate checks and run consolidation simultaneously - Root cause: Old lock used a DB field (`dream_lock = "1"`) with check-then-set pattern — two instances could both see `0`, both set to `1`, both run ### DreamLock Implementation - Mutex-based advisory lock prevents concurrent dream consolidat	Medium	4/7/2026
v5.13.0	## Test Coverage Sprint ### 67 New Tests Across 5 Test Suites `ast_all_languages.rs` (22 tests) - Symbol extraction for all 13 languages: Python, JS, TS, Go, Rust, Java, C, C++, Ruby, PHP, C#, HTML, CSS - Edge cases: empty files, syntax errors, unicode content, deeply nested structures (50 levels), mixed file extensions `middleware_chain.rs` (11 tests) - Rate limit enforcement (allows under limit, blocks at limit, allows in dry-run) - Validation (passes valid repo, blocks empty repo n	Medium	4/7/2026
v5.12.0	### Added - LLM response cache: Content-addressable SHA-256 cache for `complete()` calls. Identical prompts return cached responses, skipping the API. Configurable TTL (default: 7 days) via `llm.cache_enabled` and `llm.cache_ttl_days`. - Parallel file fetching: Analyzer now fetches file contents concurrently (10 concurrent requests via semaphore), reducing analysis time by ~60% for large repos. - `contribai cache-stats`: Shows cache size, valid/expired entry counts, hit rate. - **`c	Medium	4/6/2026
v5.11.0	### Added - CLI refactored: `cli/mod.rs` reduced from 3,396 lines → 523 lines (85% reduction). All 26 command handlers extracted into `cli/commands/` directory, shared utilities in `cli/common.rs`. - Magic numbers extracted to config fields (`SandboxConfig.mode`, `require_validation`). - Expanded local validators: JavaScript/TypeScript, Go, Java syntax checks added. ### Refactored - `cli/mod.rs`: 3,396 → 523 lines - Each command handler in its own file under `cli/commands/` - S	Medium	4/6/2026
v5.10.0	### Added - Sandbox enabled by default (`sandbox.enabled = true`) with 3 modes: `"docker"` (full isolation), `"local"` (syntax check, default), `"ast"` (tree-sitter parse), `"off"` (no validation). `sandbox.require_validation` blocks PR submission on validation failure. - Prompt injection protection — repository content is sanitized before LLM calls: control characters stripped, XML-wrapped in `<repository-content>` tags, 10 known injection patterns detected and logged. System prompts h	Medium	4/6/2026
v5.9.0	### Added - Circuit Breaker for LLM failures: Full circuit breaker pattern (Closed → Open → HalfOpen) stops pipeline after consecutive LLM failures to save API quota. Configurable thresholds via `pipeline.circuit_breaker_failure_threshold` (default: 5), `success_threshold` (default: 2), `cooldown_secs` (default: 300). - `contribai circuit-breaker` CLI command: Shows current circuit state, failure count, cooldown remaining, and recovery status. - **Analyzer retry with exponential backoff	Medium	4/6/2026
v5.8.1	## What's New ### 🔗 Resolved Imports Separation (`core/models.rs`, `orchestrator/pipeline.rs`) - New `resolved_imports` field cleanly separates cross-file import data from `symbol_map` - Updated 6 construction sites across pipeline, engine, and models ### 🛡️ AST Depth Guard (`analysis/ast_intel.rs`) - Max depth 8 on `walk_import_nodes` to prevent infinite recursion in circular imports ### 🔍 Closed-PR Failure Analysis (`pr/patrol.rs`) - `analyze_closed_pr()` fetches reviewer feedback from r	Medium	4/5/2026
v5.8.0	## What's New ### 🔗 Cross-file Import Resolution (`analysis/ast_intel.rs`) - 5 languages: Python, JS/TS, Go, Rust, Java import graph traversal - 1-hop resolution with 20-file cap to prevent explosion - `symbol_map` now properly wired in pipeline (was always empty before) - Enables understanding of cross-module dependencies for smarter fixes ### 🧪 Integration Test Suite - 9 new integration tests (5 patrol + 4 hunt scenarios) - Mock GitHub infrastructure via `GitHubClient::with_base_ur	Medium	4/5/2026
v5.7.1	## What's New ### 🔧 Bug Fixes - Hunt command: CLI `hunt` now correctly calls `pipeline.hunt()` instead of `pipeline.run()`, enabling multi-round aggressive discovery mode - Code formatting: `cargo fmt --all` applied across entire codebase for consistent style ### 📊 Stats - All 394 tests passing, 0 failures Full Changelog: https://github.com/tang-vu/ContribAI/compare/v5.7.0...v5.7.1	Medium	4/4/2026
v5.7.0	## What's New ### ⏳ LLM Retry with Exponential Backoff (`llm/retry.rs`) - RetryingProvider wrapper wraps all LLM providers automatically - Retries on rate limits (429), server errors (5xx), and network timeouts - Does NOT retry auth errors — fails immediately for misconfig - 3 retries, 1s base delay, exponential growth (1→2→4s), capped at 30s - Jitter prevents thundering herd on shared API keys - `create_llm_provider()` now wraps every provider with retry - `create_llm_provider_raw	Medium	4/4/2026
v5.6.0	## What's New ### 🧠 Semantic Context Compression (`analysis/compressor.rs`) - 3-tier compression: Full source → Signature extraction → Truncated middle - Semantic chunking: Splits code at function/class boundaries using AST symbols - Signature extraction: Strips implementation bodies for Python, JS/TS, Rust, Go, Java - Default token budget: 30k tokens ### 💬 PR Conversation Memory (`orchestrator/memory.rs`) - New `pr_conversations` SQLite table stores full PR interaction	Medium	4/4/2026
v5.5.0	## What's New in v5.5.0 ### Multi-file PR Batching Pipeline now merges related findings into a single multi-file PR instead of creating separate PRs per finding. PRs with 2-5 file changes look more human and are more likely to be merged. ### Issue Solver (End-to-End) `contribai solve <repo_url>` now actually works — fetches solvable issues, generates code fixes via LLM, and creates PRs with `Fixes #N` auto-close linking. Previously only listed issues. ### PR Conversation Memory Patrol sto	Medium	4/3/2026
v5.4.2	See [CHANGELOG.md](https://github.com/tang-vu/ContribAI/blob/main/CHANGELOG.md) for details.	Medium	4/3/2026
v5.4.1	# ContribAI v5.4.1 ## 🔧 Bug Fixes ### MCP Server: Fix `invalid character '_'` initialization error The MCP JSON-RPC protocol communicates over stdout. Two sources were corrupting the channel: 1. `tracing_subscriber` defaulted to writing log output to stdout 2. `print_banner()` + `println!()` wrote ASCII art and status messages to stdout Clients (Claude Desktop, Antigravity) would receive `_____ ContribAI...` before the JSON response, causing `invalid character '_' looking for b	Medium	4/2/2026
v5.4.0	# ContribAI v5.4.0 ## 🌙 Dream Memory Consolidation New `dream` system that consolidates scattered memory entries into durable, well-organized repo profiles. - 3-gate trigger: Runs automatically when 24h have passed + 5 sessions completed + no concurrent dream - Repo profiling: Aggregates PR outcomes (merged/closed), feedback patterns, and review times into personality profiles per repo - Smarter targeting: Dream profiles inform which contribution types to prioritize for each repo	Medium	4/2/2026
v5.3.0	## What's New in v5.3.0 ### 13-Language Deep AST Analysis (tree-sitter) Expanded from 8 to 13 languages with native tree-sitter parsing: - New: Ruby, PHP, C#, HTML, CSS - Fallback: Kotlin/Swift use Java parser, Vue/Svelte use HTML parser ### All-Language Discovery (default) - Default now searches all 15 languages (was: python only) - Narrow via: contribai config-set discovery.languages ### Fixed: target and analyze Commands - Now directly target the specified repo URL - P	Medium	4/1/2026
v5.2.1	## What's Changed in v5.2.1 ### Critical Bug Fixes - Vertex AI endpoint: Fixed 404 error for global location - target and analyze commands: Fixed - now directly targets the specified repo - Preview models: v1beta1 API version for -preview models - Tilde path expansion: Fixed ~/.contribai/memory.db ### New Features - Gemini 3.x model catalog (3.1-pro, 3-pro, 3-flash, 3.1-flash-lite) - run_targeted() pipeline method - Better error logging with response preview - Default model:	Medium	4/1/2026
v5.2.0	# v5.2.0 ## What's New - Interactive Login (contribai login) - full config menu with dialoguer - Switch LLM providers (Gemini, Vertex AI, OpenAI, Anthropic, Ollama) - 4-Platform Binaries: Linux x86_64, Windows x86_64, macOS Intel, macOS ARM64 - Rust-First CI: fmt + clippy -D warnings + 335 tests + audit - Python legacy tests only with [python] label ## Fixes - Resolved 24+ clippy warnings across 9 files - Replaced deprecated highlight_style in TUI - Cross-compilation for macOS ARM64 - Idiomat	Medium	4/1/2026
v5.0.0	## What's New in v5.0.0 ContribAI fully rewritten in Rust — 100% feature parity with Python v4.1.0. ### Performance vs Python v4 \| Metric \| Python v4 \| Rust v5 \| \|---\|---\|---\| \| Startup \| ~800ms \| ~5ms \| \| Speed \| 1x \| ~10–50x \| \| Binary \| needs runtime \| ~4.5 MB \| \| Memory \| ~120 MB \| ~8 MB \| ### 21 CLI Commands `run` `hunt` `patrol` `target` `analyze` `solve` `stats` `status` `leaderboard` `models` `templates` `profile` `cleanup` `notify-test` `system-status` `web-server` `schedule` `mcp-	Medium	3/31/2026
v5.1.0	## What's New in v5.1.0 ### 🖥️ Interactive TUI (\contribai interactive\) Full terminal UI built with ratatui + crossterm — browse PRs, repos, and run operations without leaving the terminal. \| Tab \| Description \| \|---\|---\| \| Dashboard \| Stats (total PRs, merge rate, repos analyzed) + recent PRs \| \| PRs \| Full scrollable history with ✅/❌/🟡 status colors \| \| Repos \| Per-repo merge rate display \| \| Actions \| 14 CLI commands with keyboard preview \| Keys: \Tab\/\1-4\ switch tabs · \j\/\k	Medium	3/31/2026
v4.1.0	### Added - Antigravity MCP Integration: ContribAI MCP server now works with Antigravity IDE (Google Gemini) in addition to Claude Desktop — configure via `mcp_config.json` for native tool access to all 14 GitHub operations - Documented MCP setup for both Claude Desktop and Antigravity IDE ### Changed - PR Title Format: Removed emoji prefixes from generated PR titles for a cleaner, more professional appearance (`"Quality: fix race condition"` instead of `"✨ Quality: fix race condition"	Medium	3/28/2026
v4.0.0	### Added - Repo Intelligence Layer (`contribai/analysis/repo_intel.py`): Profiles target repos before contributing — analyzes merged PR patterns, identifies high-value issues, tracks review speed, and injects intelligence into LLM prompts for focused contributions - Smart Dedup (PR History Injection): Past PR titles injected directly into analysis prompts with "DO NOT REPEAT" instruction — prevents rediscovering already-fixed bugs - Issue-First Hunt Strategy (`_hunt_issues_globally	Medium	3/28/2026
v3.0.6	## What's New ### 🗑️ Auto-close Linked Issues - When a PR is closed (CI failure or maintainer reject), linked issues are now automatically closed - Extracts \Closes/Fixes/Resolves #N\ from PR body and closes each issue - New \close_issue()\ method in GitHubClient with \state_reason: not_planned\ - Works in both pipeline (CI failure) and patrol (maintainer close detection) ### 🚫 SKIP_DIRECTORIES Filter - Skip findings in low-value directories: \examples\, \example\, \samples\, \demo\, \docs\,	Medium	3/27/2026
v3.0.5	## v3.0.5 — Critical Security & Reliability Fixes ### Critical Fixes - Webhook signature bypass: FastAPI returned HTTP 200 instead of 403 on invalid signatures — now returns 403 via JSONResponse - RetryMiddleware re-entry bug: Shared mutable index caused retries to skip downstream middlewares — now uses immutable per-call index - Context compressor wrong kwarg: `system_prompt=` corrected to `system=` for LLM providers ### High Priority Fixes - Webhook payload size bypass: Missi	Medium	3/27/2026
v3.0.4	## v3.0.4 — Security Hardening, Notification Retry & Docs ### Security - Timing attack fix: API key verification now uses `hmac.compare_digest()` for constant-time comparison - Payload size limit: Webhook endpoint validates `Content-Length` header (10 MB max) to reject oversized payloads ### Improved - Notification retry: Failed sends now retry with exponential backoff (3 attempts: 1s, 2s, 4s) - MCP client timeout: `StdioMCPClient` timeout is now configurable via constructor pa	Medium	3/27/2026
v3.0.3	## v3.0.3 - PR Permission Pre-check ### New Feature - Collaborator-only repo detection: Automatically detects repos that restrict PRs to collaborators before running expensive analysis/generation pipeline (~30min of LLM calls saved per skipped repo). ### How It Works (3 layers) 1. Pre-check (\_check_pr_permissions()\ in pipeline): Calls GitHub permission API + checks \llow_forking\ repo setting BEFORE starting analysis 2. Both paths covered: Check inserted in both \_process_repo\	Medium	3/27/2026
v3.0.2	## v3.0.2 - Critical Generation Fix ### Bug Fix - [CRITICAL] Fix AttributeError in _validate_changes(): The validation method was treating FileChange Pydantic objects as raw dicts (using .get()), causing AttributeError: 'FileChange' object has no attribute 'get' on every successful generation. This was the root cause of all 'generated: 0' failures across all repositories. ### Improvements - Tuned self-review prompt: Changed from strict ('Does it follow good coding practices?') to	Medium	3/27/2026
v3.0.1	## 🔧 v3.0.1 — Code Generation Quality Improvements ### Bug Fixes - Robust JSON extraction — Handle LLM responses with extra text, markdown fences, or multiple JSON objects (fixes 'Extra data' parse errors) - String-aware bracket validator — Skip brackets inside strings and comments to prevent false validation rejections ### Improvements - Retry with feedback — Automatically retry generation once with error context when parse/validate fails - Fuzzy matching (difflib) — Add Sequ	Medium	3/27/2026
v3.0.0	## 🚀 v3.0.0 — Major Release ### New Features #### F1: EventBus Pipeline Integration - 10 event types emitted throughout the pipeline (PIPELINE_START/COMPLETE, ANALYSIS, GENERATION, PR_CREATED, HUNT_ROUND, MEMORY, ERROR) - Automatic JSONL file logging via `FileEventLogger` - Full observability into pipeline execution #### F2: ContextCompressor in Analyzer - Token-budget compression applied to fetched source files before LLM analysis - Automatic truncation + signature extraction for large file	Medium	3/27/2026
v2.8.1	## What's New ### Human-in-the-Loop Review Gate - New `review_gate.py` — Rich terminal UI for reviewing contributions before PR creation - Shows finding details, generated code changes, and commit message in formatted panels - User chooses: [y]es (create PR), [n]o (reject), [s]kip - Configurable via `pipeline.human_review: true` in config.yaml - Default: `false` (backward compatible — preserves autonomous behavior) Full Changelog: https://github.com/tang-vu/ContribAI/compare/v2	Medium	3/26/2026
v2.8.0	## What's New ### AgentScope-Inspired Patterns Adopted best practices from [AgentScope](https://github.com/agentscope-ai/agentscope) (Alibaba DAMO, 8.5k stars). #### LLM-Driven Context Compression - `ContextCompressor.summarize_with_llm()` — structured summaries via LLM instead of brute-force truncation - Template: Task Overview, Current State, Important Discoveries, Context to Preserve - Graceful fallback to truncation if LLM unavailable #### Auto-Load/Save Working Memory - Pipeline auto-lo	Medium	3/26/2026
v2.7.0	## What's New ### 4 Architecture Patterns (inspired by DeerFlow, SWE-agent, OpenHands, Codex) - P1: History Compression — `ContextCompressor` reduces token usage by truncating, extracting Python signatures, and summarizing findings compactly - P2: Working vs Archival Memory — `working_memory` table with TTL-based hot/cold context separation for smarter cross-repo learning - P3: Event-Stream Architecture — `EventBus` with 15 typed events, async subscribers, and JSONL file logging fo	Medium	3/26/2026
v2.6.0	## What's New in v2.6.0 ### 🔌 MCP Server (PR #3 — @Hoang130203) - 14 MCP tools exposed via stdio for Claude Desktop integration - GitHub Read: search_repos, get_repo_info, get_file_tree, get_file_content, get_open_issues - GitHub Write: fork_repo, create_branch, push_file_change, create_pr, close_pr - Safety: check_duplicate_pr, check_ai_policy - Maintenance: patrol_prs, cleanup_forks, get_stats - Resource cleanup on shutdown (try/finally) - Fork delete safety guard (verifies `fork==true`	Medium	3/26/2026
v2.5.0	## What's New in v2.5.0 ### Pipeline Wiring (DeerFlow Architecture) - MiddlewareChain now fully wired into pipeline (5 middlewares, config-driven) - AgentRegistry wired with 5 agents: Analyzer, Generator, Patrol, Compliance, IssueSolver - ToolRegistry wired with GitHub + LLM tools - Generator now receives Memory for repo_preferences injection ### New Features - `contribai system-status` command — memory stats, recent PRs, GitHub rate limit - `IssueSolverAgent` — 5th agent wrapping	Medium	3/25/2026
v2.4.1	## Bug Fixes - Fixed `summarize_findings()` used `Finding.contribution_type` instead of `Finding.type` — caused `AttributeError` during hunt mode - Fixed SECURITY.md referenced non-existent email domain — now uses GitHub Issues ## Added - 86 new unit tests for v2.4.0 modules (middleware, skills, registry, protocol) — 333 total tests, 53% coverage - `docs/ARCHITECTURE.md` — detailed architecture documentation with diagrams - `AGENTS.md` — AI-friendly guide for Copilot, Claude, Codera	Medium	3/25/2026
v2.4.0	## What's New Inspired by [ByteDance DeerFlow 2.0](https://github.com/bytedance/deer-flow), this release introduces 6 architectural improvements: ### 🏗️ Architecture - Middleware Chain — 5 built-in middlewares (RateLimit, Validation, Retry, DCO, QualityGate) - Sub-Agent Registry — 4 agents (Analyzer, Generator, Patrol, Compliance) with parallel execution - Tool Protocol — MCP-inspired ToolRegistry with GitHubTool and LLMTool wrappers ### 🧠 Intelligence - **Progressive Skill Load	Medium	3/25/2026

Dependencies & License Audit

Loading dependencies...

Similar Packages

claude-doctor-skillAudit projects for security, broken hooks, tests, and CI issues across 20+ languages with adaptive scoring and actionable fixes.main@2026-06-04

crab-code🦀 Open-source alternative to Claude Code, built from scratch in Rust. Agentic coding CLI — thinks, plans, and executes with any LLM. Compatible with Claude Code workflows.main@2026-06-03

PulSeedAn AI agent system that grows your goals from seed to tree. Set a goal — Seedy observes, delegates, and tracks until done.v0.6.6

spacebotAn AI agent for teams, communities, and multi-user environments.v0.5.0

sofiaAutonomous local AI assistant in Go — 40+ tools, 20+ LLM providers, multi-agent orchestration, self-improvingmain@2026-04-23

More in Testing

fspecFSPEC: The Spec-Driven, Multi-Agent Coding Factory. It is infrastructure for the "Dark Factory"—the emerging model of fully autonomous software development where AI agents handle all implementation wh

vector-db-benchmarkFramework for benchmarking vector search engines

GitoAn AI-powered GitHub code review tool that uses LLMs to detect high-confidence, high-impact issues—such as security vulnerabilities, bugs, and maintainability concerns.

mxcliMendix cli tool, a headless way to work with Mendix projects. Enables Mendix projects for use with 3rd party agentic coding tools like Claude Code and Copilot. Includes a starlark linter for quality v